Weeping Angel: The Smart TV Hacking Sensation

A new kind of malicious attack is making headlines these days and it has the potential to impact a huge number of TV sets in very little time!

By using rogue DVB-T (Digital Video Broadcasting – Terrestrial) signals, the attacker gets access at the root level of the smart TV and then uses that access for things like a DDos attack or to spy on users. Once tested, the attacks were successful against two fully updated Samsung smart TV’s. The web browsers running in the background of the smart TV’s are known to have security flaws, so the attacker is able to gain access that way and by just tweaking it slightly the hacker will be able to move on to more brands of smart TV’s.

The recent WikiLeaks document that was published discusses a software tool called Weeping Angel that puts your TV in a fake off mode which makes your TV appear off while it’s recording and listening to via the TV’s microphone and camera. It looks like this:

Rafael Scheel, who works for the ethical hacking company Oneconsult, held a public meeting where she demonstrated just how easy it is to hack into a smart TV.

“Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways,” Rafael Scheel said, “Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone.”

During her meeting, Scheel was able to remotely connect to the TV from the internet and take complete control of the device. The infection is also incredibly difficult to get rid of, sticking around after device reboots and even factory resets. Scheel concluded that about 90% of TV’s sold in the last year have potential to be victims of these types of attacks.

But, enough of the technical mumbo jumbo! The issue with smart TV hacks (besides the obvious…) is that protecting against them, as of right now, is very difficult.

Experts recommend:

–– Research before you buy your device

– – Strengthening Wi-Fi settings

oConnect home devices on another network that your laptop/computer isn’t connected to.

– – Regularly auditing devices for updates

oKeep your devices up to date!

– – Use strong passwords

oTry to memorize them so they’re not stored and easily accessed in another location

– – Mute microphone when not in use

oThe audio equivalent of the ol’ piece of tape over the camera on your laptop trick

Stay up to date with Tech Help Boston, we’ll roll out more information regarding protection against these attacks as it becomes available.